Commit 389b52a

committed
edits
1 parent e0c80f6 commit 389b52a

8 files changed

+22
-20
lines changed

learn-pr/azure/cloud-adoption-framework-security/includes/1-introduction.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
The Secure methodology in Cloud Adoption Framework for Azure provides a structured approach to help secure your Azure cloud estate.
1+
The Secure methodology in the Cloud Adoption Framework provides a structured approach to help secure your Azure cloud estate.
22

33
The guidance in this module provides recommendations that are relevant to all methodologies within the Cloud Adoption Framework. You should incorporate security measures in every phase of your cloud adoption journey.
44
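
Review bot: Line 1 now reads "the Cloud Adoption Framework", but the index.yml summary touched in this same commit keeps "The Cloud Adoption Framework for Azure" on its rewritten line 17, so the module names the framework two ways. Pick one form, or use the full name on first mention in each unit and the short form afterwards.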

learn-pr/azure/cloud-adoption-framework-security/includes/2-methodology.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,8 +6,8 @@ This Secure methodology guidance is one component of a larger holistic set of Mi
66

77
- [The Azure Well-Architected Framework](/azure/well-architected/security/) provides security best practices for application development and DevOps and DevSecOps processes.
88

9-
- [The Microsoft Cloud Security Benchmark](/security/benchmark/azure/) provides best practices for stakeholders. It includes security baselines that describe the available security features and recommended optimal configurations for Azure services.
10-
- [Zero Trust guidance](/security/zero-trust/) provides guidance for security teams. It describes how to implement technical capabilities that support a Zero Trust modernization initiative.
9+
- [The Microsoft cloud security benchmark](/security/benchmark/azure/) provides best practices for stakeholders. It includes security baselines that describe the available security features and recommended optimal configurations for Azure services.
10+
- [Zero Trust documentation](/security/zero-trust/) provides guidance for security teams. It describes how to implement technical capabilities that support a Zero Trust modernization initiative.
1111

1212
## Modernize your security posture
1313
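
Review bot: On new line 9, "provides best practices for stakeholders" does not say which stakeholders, while the neighbouring bullets name their audience (application development and DevOps on line 7, security teams on line 10). Since the line is being edited anyway, name the audience the benchmark is written for so the three bullets are comparable.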

learn-pr/azure/cloud-adoption-framework-security/includes/5-plan.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@ Incorporate Zero Trust principles to structure phases and steps for teams. The M
2828

2929
- [Infrastructure](/security/zero-trust/deploy/infrastructure): Guidance for securing cloud infrastructure through strict policies and enforcement strategies.
3030

31-
- [Network](/security/zero-trust/deploy/networks): Guidance for securing your cloud network through segmentation, traffic inspection, and end-to-end encryption.
31+
- [Networks](/security/zero-trust/deploy/networks): Guidance for securing your cloud network through segmentation, traffic inspection, and end-to-end encryption.
3232

3333
- [Visibility, automation, and orchestration](/security/zero-trust/deploy/visibility-automation-orchestration): Guidance for operational policies and practices that help enforce Zero Trust principles.
3434

learn-pr/azure/cloud-adoption-framework-security/includes/6-ready.md

Lines changed: 12 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -42,31 +42,33 @@ To [help secure data by default](/azure/cloud-adoption-framework/secure/ready#pr
4242
- **Multifactor authentication (MFA):** Add an extra layer of security.
4343
- **Conditional access controls:** Enforce policies based on specific conditions, such as geography or MFA requirements. Ensure that your IAM platform supports these controls.
4444

45-
Microsoft Entra Conditional Access is the Microsoft Zero Trust policy engine. It evaluates signals from various sources to make informed policy decisions.
45+
### Azure facilitation
46+
47+
[Microsoft Entra Conditional Access](/entra/identity/conditional-access/overview) is the Microsoft Zero Trust policy engine. It evaluates signals from various sources to make informed policy decisions.
4648

4749
## Prepare for integrity
4850

4951
Ensure that you have [well-governed policies and standards](/azure/cloud-adoption-framework/secure/ready#prepare-for-integrity) for your data and system integrity. Define standards for the following areas.
5052

5153
- **Data management:**
52-
- *Create a framework and sensitivity-label taxonomy* to define data security risk categories. Use this taxonomy to simplify data inventory, policy management, and investigation prioritization.
54+
- Create a framework and sensitivity-label taxonomy to define data security risk categories. Use this taxonomy to simplify data inventory, policy management, and investigation prioritization.
5355

54-
- *Automate data verification and validation processes* to reduce the burden on data engineers and minimize human error.
56+
- Automate data verification and validation processes to reduce the burden on data engineers and minimize human error.
5557

56-
- *Establish and regularly test backup policies* to help ensure that data is backed up, correct, and consistent. Align with your recovery target objective (RTO) and recovery point objective (RPO) targets.
58+
- Establish and regularly test backup policies to help ensure that data is backed up, correct, and consistent. Align with your recovery target objective (RTO) and recovery point objective (RPO) targets.
5759

58-
- *Ensure that your cloud provider encrypts data at rest and data in transit by default.* Verify that services in your workloads support and are configured for strong encryption.
60+
- Ensure that your cloud provider encrypts data at rest and data in transit by default. Verify that services in your workloads support and are configured for strong encryption.
5961

6062
- **System integrity design patterns:**
61-
- *Design a robust security monitoring platform* to detect unauthorized changes.
63+
- Design a robust security monitoring platform to detect unauthorized changes.
6264

63-
- *Use security information and event management (SIEM), security orchestration, automation, and response (SOAR), and threat detection tools* to identify suspicious activities and potential threats.
65+
- Use security information and event management (SIEM), security orchestration, automation, and response (SOAR), and threat detection tools to identify suspicious activities and potential threats.
6466

65-
- *Automate configuration management* to help ensure consistency and reduce human error.
67+
- Automate configuration management to help ensure consistency and reduce human error.
6668

67-
- *Automate patch management* for virtual machines to help ensure regular updates and consistent system versions.
69+
- Automate patch management for virtual machines to help ensure regular updates and consistent system versions.
6870

69-
- *Use infrastructure as code (IaC)* for all deployments. Integrate IaC into your CI/CD pipelines, and apply safe deployment practices.
71+
- Use infrastructure as code (IaC) for all deployments. Integrate IaC into your CI/CD pipelines, and apply safe deployment practices.
7072

7173
### Azure facilitation
7274
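
Review bot: New line 58 still expands RTO as "recovery target objective"; the term is recovery time objective, and "RTO and RPO targets" repeats the idea already in "objective". Suggest "Align with your recovery time objective (RTO) and recovery point objective (RPO)." Separately, the "### Azure facilitation" heading added at line 45 has the same text as the existing heading at line 73 in this file; if anything links to that heading anchor, confirm the duplicate does not change where the link lands.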

learn-pr/azure/cloud-adoption-framework-security/includes/7-adopt.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -95,7 +95,7 @@ Effectively implement and institutionalize encryption and secure access controls
9595

9696
- [Azure confidential computing](/azure/confidential-computing/overview) helps protect data in use with hardware-based trusted implementation environments, which enhances data security even from cloud administrator access.
9797

98-
- [Microsoft Entra ID](/entra/fundamentals/whatis) provides identity and access management with multifactor authentication (MFA), conditional access, and single sign-on.
98+
- [Microsoft Entra ID](/entra/fundamentals/whatis) provides identity and access management with MFA, conditional access, and single sign-on.
9999

100100
- [Microsoft Entra ID Protection](/entra/id-protection/overview-identity-protection) uses machine learning to identify sign-in risks and unusual behavior, which prevents identity compromise and credential theft.
101101
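
Review bot: Line 98 drops the expansion of MFA, but nothing visible in this hunk shows the acronym being defined earlier in 7-adopt.md; the definition that appears in this commit is in 6-ready.md, which is a separate include. If this is the first use in the unit, keep "multifactor authentication (MFA)". While here, context line 96 says "hardware-based trusted implementation environments"; the standard term is trusted execution environments.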

@@ -149,7 +149,7 @@ Focus on establishing and codifying operational practices that [support availabi
149149
- [Azure Policy](/azure/governance/policy/overview) is a policy management solution that helps enforce organizational standards and assess compliance at scale.
150150

151151
- [Defender for Cloud](/azure/defender-for-cloud/security-policy-concept) provides security policies that can automate compliance with your security standards.
152-
- Azure [built-in recovery capabilities](/reliability/overview-reliability-guidance) support operational continuity and disaster recovery plans.
152+
- Azure [built-in recovery capabilities](/azure/reliability/overview-reliability-guidance) support operational continuity and disaster recovery plans.
153153

154154
## Adopt security sustainment
155155

learn-pr/azure/cloud-adoption-framework-security/includes/8-govern.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ Cloud technology provides on-demand visibility into your [security posture](/azu
1717

1818
- [Microsoft Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction) can help you continuously discover and automatically manage virtual machines in your environment through automatic data collection provisioning.
1919

20-
- [Defender for Cloud Apps](/defender-cloud-apps/what-is-defender-for-cloud-apps) can help you continuously discover and govern software as a service (SaaS) apps in your environments.
20+
- [Microsoft Defender for Cloud Apps](/defender-cloud-apps/what-is-defender-for-cloud-apps) can help you continuously discover and govern software as a service (SaaS) apps in your environments.
2121

2222
## Govern incident preparedness and response
2323
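
Review bot: Product naming is still mixed after the change on line 20: this file now uses "Microsoft Defender for Cloud" and "Microsoft Defender for Cloud Apps", while 7-adopt.md line 151 says "Defender for Cloud" and 9-manage.md line 17 says "Defender XDR". If the rule is the full name on first mention per unit, check those two lines in the same pass.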

learn-pr/azure/cloud-adoption-framework-security/includes/9-manage.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,10 +8,10 @@ The Manage phase focuses on the ongoing operation of your cloud estate. You must
88

99
Ensure that your observability platform includes thorough monitoring and intelligent alerting. To modernize this platform, adopt a proactive mindset and Zero Trust principles.
1010

11-
- **Assume a breach** in your systems to drive threat hunting and detection engineering. Threat hunting uses a hypothesis-based approach to analyze systems for potential breaches. Detection engineering develops specialized mechanisms to enhance observability platforms for detecting new cyberattacks.
12-
1311
- **Verify explicitly.** Shift from "trust by default" to "trust by exception" by validating trusted activities through visibility. Enhance your observability platform with intelligent identity and access monitoring to detect anomalous behavior in real-time.
1412

13+
- **Assume a breach** in your systems to drive threat hunting and detection engineering. Threat hunting uses a hypothesis-based approach to analyze systems for potential breaches. Detection engineering develops specialized mechanisms to enhance observability platforms for detecting new cyberattacks.
14+
1515
### Azure facilitation
1616

1717
[Defender XDR](/defender-xdr/m365d-enable) provides advanced threat hunting across multiple domains, like endpoints, cloud apps, and identity.
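
Review bot: After the reorder, the bold lead-ins on lines 11 and 13 are still not parallel: "**Verify explicitly.**" is a bolded sentence with its own period, while "**Assume a breach**" runs straight into "in your systems to drive threat hunting". Give both bullets the same shape, either a bolded principle followed by a full sentence or a bolded phrase that starts the sentence. Also on line 11, "in real-time" should be "in real time" because it is not used as a modifier there.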

learn-pr/azure/cloud-adoption-framework-security/index.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ title: Prepare for cloud security by using the Microsoft Cloud Adoption Framewor
1414
summary: |
1515
Organizations that move to the cloud often find that they need to modernize security practices and tooling to keep up with continuous changes in cloud platforms, business requirements, and security threats.
1616
17-
The Cloud Adoption Framework for Azure consists of eight methodologies. This module focuses on the Secure methodology, which provides guidance for the security modernization journey. It includes processes, best practices, models, and experiences. This guidance adheres to the [Zero Trust principles](https://www.microsoft.com/security/business/zero-trust) and the [CIA Triad principles](/azure/cloud-adoption-framework/secure/overview#the-cia-triad).
17+
The Cloud Adoption Framework for Azure consists of eight methodologies. This module focuses on the Secure methodology, which provides guidance for the security modernization journey.
1818
abstract: |
1919
In this module, you'll learn:
2020
- The key aspects of the Secure methodology in the Cloud Adoption Framework.
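
Review bot: The summary no longer tells readers which security models the module follows: the rewritten line 17 ends after "security modernization journey." and the sentence naming the Zero Trust principles and the CIA Triad is gone along with both links. The commit message ("edits") does not explain the removal. If the aim was only to take links out of the YAML summary, keep the sentence as plain text.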
